Security at MyDirector AI

Your data security is not an afterthought — it's built into every layer of our platform. We follow industry best practices to protect your content, recordings, and personal information.

Your Data Is Encrypted

  • Encryption at rest — sensitive credentials (such as Instagram tokens) are encrypted using AES-256-GCM, the same encryption standard used by banks and government agencies
  • Encryption in transit — all data transmitted between your browser and our servers is protected with TLS/HTTPS encryption
  • Secure storage — your recordings and files are stored in encrypted, access-controlled storage buckets

Only You Can Access Your Data

  • User isolation — every database query is scoped to your account. You can never access another user's data, and they can never access yours
  • Authentication required — all sensitive operations require active authentication
  • Re-authentication for critical actions — deleting your account or changing your password requires you to re-enter your credentials
  • Automatic session management — sessions expire to prevent unauthorized access from unattended devices

Enterprise-Grade Infrastructure

  • Hosted on trusted platforms — our infrastructure runs on industry-leading cloud providers with SOC 2 Type II and ISO 27001 certifications
  • Distributed rate limiting — automated protections prevent brute-force attacks and abuse
  • Origin validation — requests are validated to prevent cross-site request forgery (CSRF) attacks
  • Security headers — we enforce strict security headers including HSTS, X-Frame-Options, and Content-Security-Policy

Responsible AI Practices

  • No model training on your data — your conversations, recordings, and content ideas are never used to train, fine-tune, or improve AI models
  • Purpose-limited processing — AI models process your data in real time to provide the service, but do not retain it beyond the session
  • Conversation memory is yours — session insights are stored solely to improve your own future sessions, not shared with others
  • Third-party AI providers — we use established, trusted AI providers bound by strict data processing agreements

You're in Control

  • Data export — download a complete copy of all your data at any time, including recordings and transcripts
  • Account deletion — permanently delete your account and all associated data with one click
  • Instagram disconnection — revoke Instagram access instantly; your token is immediately invalidated and deleted
  • Deletion audit trail — all data deletion actions are logged for your records and regulatory compliance

Continuous Protection

  • Regular security audits — we conduct comprehensive security assessments of our codebase and infrastructure
  • Vulnerability remediation — identified issues are prioritized and resolved promptly based on severity
  • Abuse prevention — intelligent rate limiting and access controls protect against automated attacks
  • Incident preparedness — we maintain procedures to detect, respond to, and recover from security incidents

Standards We Follow

While we are a growing company scaling toward formal certifications, our security practices are aligned with industry-recognized frameworks:

  • OWASP Top 10 — our development process addresses the most critical web application security risks
  • SOC 2 Principles — our controls are designed around the Trust Services Criteria (security, availability, confidentiality)
  • GDPR — full compliance with EU data protection regulations, including data subject rights and lawful processing
  • CCPA — compliance with California Consumer Privacy Act requirements

We Believe in Transparency

We are committed to being open about how we protect your data. If you'd like a deeper look at our security controls:

Security Package Available on Request

For users or organizations that require detailed security documentation, we maintain a comprehensive security assessment that covers our technical controls, data handling procedures, and encryption standards in detail.

To request our Security Package, email us at hello@mydirector.ai. Access is provided under a mutual Non-Disclosure Agreement (NDA) to protect sensitive implementation details.

Report a Vulnerability

If you discover a security vulnerability in our service, we appreciate your help in disclosing it to us responsibly.

Please email security concerns to: hello@mydirector.ai

We ask that you:

  • Give us reasonable time to address the issue before public disclosure
  • Avoid accessing or modifying other users' data
  • Act in good faith to avoid disruption to the service

We do not currently operate a formal bug bounty program, but we appreciate and acknowledge responsible disclosures.

Questions about security?

Contact us at hello@mydirector.ai — we're happy to discuss how we protect your data.